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DEITYBOUNCE 



ANT Product Data 



(TS//SI//REL) DEITYBOUNCE provides software application persistence on Dell 
PowerEdge servers by exploiting the motherboard BIOS and utilizing System 
Management Mode (SMM) to gain periodic execution while the Operating System 
loads. 



(TS//SI//REL) This technique supports multi-processor systems with RAID hardware 
and Microsoft Windows 2000, 2003, and XP. It currently targets Dell PowerEdge 
1850/2850/1950/2950 RAID servers, using BIOS versions A02, A05, A06, 1.1.0, 
1.2.0, or 1.3.7. 

(TS//SI//REL) Through remote access or interdiction, ARKSTREAM is used to re- 
flash the BIOS on a target machine to implant DEITYBOUNCE and its payload (the 
implant installer). Implantation via interdiction may be accomplished by non- 
technical operator though use of a USB thumb drive. Once implanted, 
DEITYBOUNCE’s frequency of execution (dropping the payload) is configurable and 
will occur when the target machine powers on. 

Status: Released / Deployed. Ready for Unit Cost: $0 

Immediate Delivery 

POC: S32221, ■HU, 




Interactive OPS Console 

(TS//SI//REL) DEITYBOUNCE Extended Concept of Operations 
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GODSURGE 

ANT Product Data 



(TS//SI//REL) GODSURGE runs on the FLUXBABBITT hardware implant and 
provides software application persistence on Dell PowerEdge servers by exploiting 
the JTAG debugging interface of the server’s processors. 
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(TS//SI//REL) FLUXBABBITT Hardware 
Implant for PowerEdge 1950 



I 



(TS//SI//REL) This technique supports Dell PowerEdge 1950 and 2950 servers that 
use the Xeon 5100 and 5300 processor families. 

(TS//SI//REL) Through interdiction, the JTAG scan chain must be reconnected on 
the target system by removing the motherboard from the chassis and attaching the 
depopulated parts back onto the circuit board. After this step is complete, the 
hardware implant itself must be attached to the motherboard. The implants should 
already be programmed with the GODSURGE application code and its payload, the 
implant installer. Once implanted. GODSURGE’s frequency of execution (dropping 
the payload) is configurable and will occur when the target machine powers on. 



Status: Released / Deployed. Ready for Unit Cost: $500 for Hardware 

Immediate Delivery and Installation 



POC: 



S32221, 
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IRONCHEF 

ANT Product Data 



(TS//SI//REL) IRONCHEF provides access persistence to target systems by 
exploiting the motherboard BIOS and utilizing System Management Mode (SMM) to 
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communicate with a hardware implant that provides two-way RF communication. 
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(TS//SI//REL) IRONCHEF Extended Concept of Operations 



(TS//SI/REL) This technique supports the HP Proliant 380DL G5 server, onto which 
a hardware implant has been installed that communicates over the l 2 C Interface 
(WAGONBED). 

(TS//SI//REL) Through interdiction, IRONCHEF. a software CNE implant and the 
hardware implant are installed onto the system. If the software CNE implant is 
removed from the target machine, IRONCHEF is used to access the machine, 
determine the reason for removal of the software, and then reinstall the software 
from a listening post to the target system. 



Status: Ready for Immediate Delivery Unit Cost: $0 

POC: S32221, I 
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